	fix: primitive 16: improper same-origin validation for user uri and url
		
							parent
							
								
									ebea1a2962
								
							
						
					
					
						commit
						b74e2e9167
					
				
					 1 changed files with 24 additions and 4 deletions
				
			
		|  | @ -337,8 +337,18 @@ export class ApPersonService implements OnModuleInit { | |||
| 
 | ||||
| 		const url = getOneApHrefNullable(person.url); | ||||
| 
 | ||||
| 		if (url && !checkHttps(url)) { | ||||
| 			throw new Error('unexpected schema of person url: ' + url); | ||||
| 		if (person.id == null) { | ||||
| 			throw new Error('Refusing to create person without id'); | ||||
| 		} | ||||
| 
 | ||||
| 		if (url != null) { | ||||
| 			if (!checkHttps(url)) { | ||||
| 				throw new Error('unexpected schema of person url: ' + url); | ||||
| 			} | ||||
| 
 | ||||
| 			if (this.utilityService.punyHost(url) !== this.utilityService.punyHost(person.id)) { | ||||
| 				throw new Error(`person url <> uri host mismatch: ${url} <> ${person.id}`); | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		// Create user
 | ||||
|  | @ -539,8 +549,18 @@ export class ApPersonService implements OnModuleInit { | |||
| 
 | ||||
| 		const url = getOneApHrefNullable(person.url); | ||||
| 
 | ||||
| 		if (url && !checkHttps(url)) { | ||||
| 			throw new Error('unexpected schema of person url: ' + url); | ||||
| 		if (person.id == null) { | ||||
| 			throw new Error('Refusing to update person without id'); | ||||
| 		} | ||||
| 
 | ||||
| 		if (url != null) { | ||||
| 			if (!checkHttps(url)) { | ||||
| 				throw new Error('unexpected schema of person url: ' + url); | ||||
| 			} | ||||
| 
 | ||||
| 			if (this.utilityService.punyHost(url) !== this.utilityService.punyHost(person.id)) { | ||||
| 				throw new Error(`person url <> uri host mismatch: ${url} <> ${person.id}`); | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		const updates = { | ||||
|  |  | |||
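Review bot: The same-origin check is written out twice, once in the create path (the hunk at -337) and once in the update path (the hunk at -549), and the two copies differ only in the wording of the missing-id error, so a later tightening applied to one can silently miss the other. Consider moving the scheme and host comparison into one private helper on ApPersonService and calling it from both places, for example `this.assertUrlSameOrigin(person.id, url);` (the name is only a suggestion), leaving the `person.id == null` guard with its path-specific message at each site. The comparison is also only as strong as `person.id` itself: whether the id has already been checked against the URI the actor was fetched from is decided outside these hunks, so a one-line comment above the host check stating that precondition would help the next reader. Both enclosing methods start and end outside the hunks.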